DISCLAIMER

By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.

ABOUT

Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:

"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge

"Energy and persistence conquer all things." - Benjamin Franklin

"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley

GOAL

Get a root shell and read the contents of /root/flag.txt to complete the challenge!

SETUP

The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:

VMware Fusion 6
VMware Player 6
VMware Workstation 10
VirtualBox 4.3

SHOUT OUTS

Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!

Welcome to The Owl Nest
Owls are lovely but hates you :)
and maybe after this one, you will hate them too.

Notes from the author:
I hope you will enjoy this game, i spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an avarage amount of frustration to the players :)
Even if the machine was tested, maybe there are shortcuts to reach the flag.. hopefully not :)

Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.

On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The other is a vulnerable Windows client-side attack surface.

Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment.

Login Screen

Your use of Morning Catch starts with the login screen.

Boyd Jenius is the Systems Administrator and his password is ‘password’. Login as Boyd to get to the vulnerable Linux desktop.

Richard Bourne is Morning Catch’s CEO and his password is also ‘password’. Login as Richard to get to the vulnerable Windows desktop.

You can also RDP into the Morning Catch environment.

Windows Desktop

Richard’s desktop includes the Windows’ versions of Firefox, Thunderbird, Java, and putty. Open up Thunderbird to check Richard’s email.

You can send a phish to him too. This VM includes a mail server to receive email for users at the morningcatch.ph domain. Open up a terminal and find out the IP address of the VM. Make sure you relay messages through this server. Use [email protected] as the address.

Are you looking for some attacks to try? Here are a few staples:

Spin up a malicious Java Applet and visit it as Richard.
The Firefox add-on attack exploit in the Metasploit Framework is a great candidate.
Or, generate an executable with your payload and run it as Richard. I’m sure he won’t mind.
Morning Catch’s WINE environment runs post-exploitation payloads, to include Windows Meterpreter and Beacon, without too much trouble.

Linux Desktop

Boyd’s desktop is the vulnerable Linux attack surface. Boyd has the Linux versions of Firefox, Java, and Thunderbird. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Try to ssh to Metasploitable 2 as root and see what happens.

Webmail

Morning Catch also includes RoundCube webmail for all of its users. Use this as a target to clone and harvest passwords from.

Hopes and Dreams

Morning Catch isn’t a replacement for a vulnerable Windows lab. It’s a safe and freely redistributable target to experiment with phishing and client-side attacks. It’s my hope that this environment will help more people experiment with and understand these attacks better.

Are you in Las Vegas for BlackHat USA or DEF CON? Stop by the Black Hat Arsenal on Wednesday at 10am for a demo of this new environment and a Morning Catch sticker. I’m also giving away DVDs with a revised Cobalt Strike pen testing lab that uses Morning Catch. Find me at the Cobalt Strike kiosk in the Innovation City portion of the Black Hat USA Exhibitor Hall. I will also give away these DVDs at the Cobalt Strike table in the DEF CON vendor area.

Walkthroughs

The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.

Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.

* This is a spoiler. It could possibly show you a way of completely solving it.

Download Links

Here you can download the mentioned files using various methods.

We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.

For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).

We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.

To make sure everyone using VulnHub has the best experience possible using the site, we have had to

limit the amount of simultaneous direct download files to two files, with a max speed of 3mb

.
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.

If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.

If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.